Re: Malware popups issue

**tacobelldog111** · **tacobelldog111** on 2nd December 2009, 5:42 pm

Today I noticed that when I open my task manager while one of the random audio ads was playing there are about 15 instances of internet explorer running without any physical browser window actually being open. I generally use firefox and haven't even opened ie in a long time. All the ie's running have names that would suggest they are ads.

**Belahzur** · **Belahzur** on 2nd December 2009, 8:46 pm

Hmm. I think we may need Combofix, can you try running it again.

**tacobelldog111** · **tacobelldog111** on 2nd December 2009, 9:58 pm

I tried a number of things to get combofix to run, all to no avail. When I started my computer back in normal mode I was met with a windows defender warning telling me I have the trojan FakeVimes and a Destination Folder Acess Denied window telling me I didn't have access to the folder "etc".

Has not getting combofix to run exhausted our options or are there other ways to get it working?

**Belahzur** · **Belahzur** on 2nd December 2009, 10:42 pm

Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTM.exe to run it.
Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
c:\program files\dhbsnxbwptnez

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

**tacobelldog111** · **tacobelldog111** on 2nd December 2009, 11:37 pm

========== FILES ==========
c:\program files\Dhbsnxbwptnez\Log\Visual folder moved successfully.
c:\program files\Dhbsnxbwptnez\Log\Text folder moved successfully.
c:\program files\Dhbsnxbwptnez\Log\Audio folder moved successfully.
c:\program files\Dhbsnxbwptnez\Log folder moved successfully.
c:\program files\Dhbsnxbwptnez folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTM by OldTimer - Version 3.1.2.0 log created on 12022009_183736

**Belahzur** · **Belahzur** on 3rd December 2009, 1:38 am

How is the machine now? still having problems?

**tacobelldog111** · **tacobelldog111** on 3rd December 2009, 7:41 am

Yes, doesn't seem like anything's changed.

**tacobelldog111** · **tacobelldog111** on 3rd December 2009, 7:59 pm

My computer is now telling me I have UACD.sys

**tacobelldog111** · **tacobelldog111** on 3rd December 2009, 8:01 pm

I also seem to have something called "System Defender" installed on my system

**tacobelldog111** · **tacobelldog111** on 3rd December 2009, 8:36 pm

Ok, this is currently the situation. I can no longer start my system normally, I have to start in safemode. When I star normally there is a blue screen and it says stuff like "explorer stopped working". In safe mode almost all my regular settings are no longer there. I can't run malware bytes without an error, I tried running combofix and it told me that CFScript was not correct or something.